Sally Beauty: Return of the Data Breach

Sally Beauty Holdings Inc., one of the leading beauty supply chains around the world, says it is investigating unusual credit and debit card activity involving cards used at various stores throughout the nation.

Multiple financial institutions throughout the United States started to notice a pattern of fraudulent charges, finding that all the cards led back to Sally Beauty customers at any number of its stores, KrebsOnSecurity reported. Following the possible second data breach at Sally Beauty, the company issued the following statement earlier this morning:

“Sally Beauty Holdings, Inc. is currently investigating reports of unusual activity involving payment cards used at some of our U.S. Sally Beauty stores,” the Denton, Texas retailer wrote in a press release. “Since learning of these reports, we have been working with law enforcement and our credit card processor and have launched a comprehensive investigation with the help of a leading third-party forensics expert to aggressively gather facts while working to ensure our customers are protected. Until this investigation is completed, it is difficult to determine with certainty the scope or nature of any potential incident, but we will continue to work vigilantly to address any potential issues that may affect our customers.”

Trying to soften the news of the breach, the company goes on to write: “Consistent with our ‘Love it or Return It’ policy, customer security and confidence remains our number one priority. As a result, we encourage any customer who is concerned about the security of their payment cards to call our Customer Service Hotline at 1-866-234-9442, so that we can assist them in addressing any potential concerns. Sally Beauty will, as appropriate, provide updates as we learn more from our investigation.”

Sally Beauty also sent out an urgent alert to all its employees, stating that associates should direct customers with credit or debit card issues to the Sally Beauty website or to the customer service line. One employee stated the company hadn’t received such an email since the last time Sally Beauty had been breached.

Sally Beauty experienced its first data breach back in early March of last year. The breach was identified when 282,000 credit cards were suddenly put up for sale on the black market. Financial institutions traced the card numbers and found all customers who had recently used their card at the supply chain had their card numbers stolen, pinpointing Sally Beauty as having experienced a second breach.

When the company was questioned on the possibility of a breach, a Sally Beauty spokesperson confirmed the company had detected an intrusion on its network, but said it didn’t have forensic evidence to confirm whether or not customers’ credit and debit card numbers had been stolen.

A few short weeks after the breach was announced, the company confirmed that its networks were breached but determined that fewer than 25,000 customers’ card numbers were stolen. Compiling the evidence, the company confirmed that the massive data breach had impacted some 2,600 Sally Beauty locations nationwide.

Sally Beauty has not yet identified the scope of the breach but has said the company is currently under investigation. KrebsOnSecurity noted that Sally Beauty may not have been breached directly, and could be the victim of a larger-scope breach among Harbortouch point-of-sale systems. However, one financial institution told KrebsOnSecurity there is very little overlap in customers’ cards that were hit with fraudulent charges from both of the vendors.

Sally Beauty may be the victim of a second data breach in just two years, with its point-of-sale systems taken over by malware swiping card numbers.